Hackers are demanding $70 million ransom to restore data of affected companies
By MYBRANDBOOK
Hackers from the REvil gang have launched yet another far-reaching ransomware attack just before the weekend and are demanding $70 million in Bitcoin before they will unlock the hijacked files.
This 4th of July weekend ransomware attack, apparently conducted by the Russian-speaking group REvil, represents a catastrophic combination of 2021's most notorious cyber attack trends: supply chain attacks and ransomware.
REvil is one of the most prominent ransomware families on the planet, responsible for dozens of major breaches since 2019, and operates under a rule to avoid attacks in the CIS. More than 10 countries have been affected by this attack.
Fred Voccola, CEO of Kaseya, said that Kaseya is actively engaged with various governmental agencies including the FBI, CISA, Department of Homeland Security and the White House. FireEye Mandiant IR, a leading computer incident response firm, is also working closely with Kaseya on the security incident.
Multiple questions are arising from the attack: Why is the frequency of these attacks increasing? Will the demands keep increasing exponentially as they are paid? What is this latest flurry of cyber-attacks doing to the cyber insurance industry? What can corporations do to better protect themselves from these types of ransomware and malware attacks?
2021 has already broken records for cyber attacks, with an all-time-high increase of 93% in ransomware and over 70% in all cyber attacks in the US in just 12 months. This Independence Day offensive has reached a record number of ransomware victims, with an unknown scope of attacks mostly in the US, and we saw some victims in Europe as well.
They chose this weekend and this method for a reason. They looked for a back door to over a thousand companies: one target through which they infect numerous others in a pandemic-like chain. They picked the weekend because they know that company IT staff go offline and that companies are often on a skeleton crew, where eyes aren't watching. This helps the threat actors in a few ways:
· It allows the ransomware to be fully deployed before anyone notices.
· It induces more panic during response operations if key players within the victim's environment are unavailable to respond, possibly increasing the chances that a ransom demand will be paid.
· If you are running Kaseya VSA, unplug it from the network RIGHT NOW, although it might be too late.
· Use EDR, NDR and other security monitoring tools to verify the legitimacy of any new files in the environment since 02 July.
· Check with security product vendors to verify protections are in place for REvil ransomware.
· If help is needed, call in a team of experts to help verify the situation within the environment.
This attack should sound an alarm for all companies. When you let your guard down, the attackers arrive. We should expect more attacks to strike during holidays and weekends, and with remote work generating the new normal, today's hackers are more effective than ever. We may not know the full scope of damage by Wednesday.